Working Principle For Solace Loopback Bridge

Abhikesh
Abhikesh Member Posts: 34 ✭✭
edited September 2021 in General Discussions #1

Hi,

I have a question about the Solace loopback Message VPN Bridge, which is used to link two Message VPNs on the same event broker.

Let's say we have an appliance named “Router_DC_1” with 2 VPNs, i.e. VPN_A & VPN_C. Both VPNs are linked together via a bridge (VPN_A_to_VPN_C) on the same appliance.

There is DR for this setup on “Router_DR_1”, and we have the capability to flip a single VPN from DC to DR without flipping all VPNs. Now let’s say we flip VPN_A from “Router_DC_1” to “Router_DR_1”, and the VPN is now active on Router_DR_1.

Will my bridge still work in this case? This was a loopback bridge connected via 127.0.0.1 on the same appliance, and now VPN “VPN_A” has flipped to the other appliance!

Comments

  • TomF
    TomF Member, Employee Posts: 406 Solace Employee

    Hi @Abhikesh, interesting question... I'm working on it!

  • Aaron
    Aaron Member, Administrator, Moderator, Employee Posts: 508 admin
    edited September 2021 #3

    Nope! You should always use the appliances' (both of them) message bus VIPs, with two remote VPNs in your VPN bridge configuration. Using the loopback on appliances is a pretty old-school way of doing things, and DR is a great reason why. DR was introduced in SolOS 6.x. If only ever one HA-pair, then I guess loopback is fine.

    (That's off the top of my head... I hope @TomF 's research turns up the same answer!)

  • TomF
    TomF Member, Employee Posts: 406 Solace Employee

    @Aaron, @Abhikesh, er... no, my research has led me into a hole. From our docs: "When creating a loopback bridge, you should use an IP address of 127.0.0.1 and not specify a physical interface."

  • Aaron
    Aaron Member, Administrator, Moderator, Employee Posts: 508 admin

    Huh, so the docs don't specify, eh? I mean, yes it's definitely possible to create a loopback, and if/when you do a DR failover, BOTH VPNs move over, then I think it should also still be ok. But if you can split them, then you'll need the other IP address.

    Well, maybe that's it? Maybe you still need 2 IP addresses / 2 remote VPNs in your bridge config... one loopback, and one for the DR machine?

    I'll inquire.

  • SasikumarSP
    SasikumarSP Member Posts: 31 ✭✭

    @Abhikesh,

    A loopback bridge with 127.0.0.1 will not work if any one msgVPN fails over to DR. This setup is suitable only if both msgVPNs fail over together.

    As Aaron suggested, you can use two remote msgVPN connect-via. Please note that when connect-order is configured as 1 and 2 respectively, the bridge always tries to connect using 127.0.0.1 first, and then it tries the 2nd remote msgVPN, which is configured with an IP or DNS alias.

    I would suggest, as a best practice, creating two remote msgVPNs with the respective appliance msg-IP, without compression enabled.

  • Aaron
    Aaron Member, Administrator, Moderator, Employee Posts: 508 admin

    Apologies, this has been sitting in my Drafts since last week!!

    @Abhikesh yeah I checked with one of our product architects, just for confirmation: you'll need two Remote VPNs configured inside your bridge... one for the loopback (when both VPNs are live on the same set of appliances), and one with the primary VIP of the other HA pair in the DR setup.

    Hope that helps!